fix: logic #99

Merged
jon_nfc merged 7 commits from 28-29-logic-fixes into development 2024-05-03 18:20:29 +00:00
5 changed files with 54 additions and 22 deletions


@ -37,6 +37,8 @@
- | # enter test container - | # enter test container
docker exec -i test_image_${CI_JOB_ID} ps aux docker exec -i test_image_${CI_JOB_ID} ps aux
- docker ps - docker ps
- docker exec -i test_image_${CI_JOB_ID} bash -c 'apt update || true'
- docker exec -i test_image_${CI_JOB_ID} bash -c 'apt update || true'
- docker exec -i test_image_${CI_JOB_ID} apt update - docker exec -i test_image_${CI_JOB_ID} apt update
- docker exec -i test_image_${CI_JOB_ID} apt install -y --no-install-recommends python3-pip net-tools dnsutils iptables - docker exec -i test_image_${CI_JOB_ID} apt install -y --no-install-recommends python3-pip net-tools dnsutils iptables
- | - |
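Review bot: The added `docker exec ... bash -c 'apt update || true'` discards the exit status without a comment saying which failure is expected, and the unguarded `apt update` on the following line would still fail the job on the same error. If the first call only absorbs a transient first-run error, a one-line comment above it such as `# tolerated: <reason the first refresh may fail>` would stop the next maintainer from removing it or from copying `|| true` onto the line that must succeed. As rendered, the new line appears twice in this section; if both copies are in the file, one is redundant.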


@ -46,6 +46,8 @@ nfc_role_kubernetes_install_kubevirt: false
nfc_role_kubernetes_kubevirt_operator_replicas: 1 nfc_role_kubernetes_kubevirt_operator_replicas: 1
# nfc_role_kubernetes_node_prime: '' # Mandatory*, string. the inventory_hostname of the prime node. ONLY required for multi-node deployments
nfc_role_kubernetes_oidc_enabled: false nfc_role_kubernetes_oidc_enabled: false
nfc_role_kubernetes_resolv_conf_file: /etc/resolv.conf nfc_role_kubernetes_resolv_conf_file: /etc/resolv.conf
@ -53,8 +55,8 @@ nfc_role_kubernetes_resolv_conf_file: /etc/resolv.conf
nfc_role_kubernetes_pod_subnet: 172.16.248.0/21 nfc_role_kubernetes_pod_subnet: 172.16.248.0/21
nfc_role_kubernetes_service_subnet: 172.16.244.0/22 nfc_role_kubernetes_service_subnet: 172.16.244.0/22
nfc_role_kubernetes_prime: true # Mandatory for a node designated as the prime master node nfc_role_kubernetes_prime: false # Mandatory for a node designated as the prime master node
nfc_role_kubernetes_master: true # Mandatory for a node designated as a master node and the prime master node nfc_role_kubernetes_master: false # Mandatory for a node designated as a master node and the prime master node
nfc_role_kubernetes_worker: false # Mandatory for a node designated as a worker node nfc_role_kubernetes_worker: false # Mandatory for a node designated as a worker node
############################################################################################################ ############################################################################################################
@ -136,7 +138,7 @@ k3s:
# usernames: [] # usernames: []
# runtimeClasses: [] # runtimeClasses: []
# namespaces: [kube-system] # namespaces: [kube-system]
when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}" when: "{{ nfc_role_kubernetes_prime | bool }}"
############################################################################################# #############################################################################################
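Review bot: With `nfc_role_kubernetes_prime` and `nfc_role_kubernetes_master` now defaulting to `false`, the inline comments on those two lines still describe only the explicit case. They do not say that leaving all three role flags false is what triggers the automatic single-node promotion added in the role's entry task file in this commit. A host in a multi-node inventory that merely omits its role flag gets that same treatment, so the defaults file should say so, for example `# prime, master and worker all false => host is treated as a single-node prime master`. The commented-out `nfc_role_kubernetes_node_prime` line could likewise note that it is set to `inventory_hostname` automatically in that case.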


@ -34,7 +34,7 @@
- src: kubernetes-manifest-rbac.yaml.j2 - src: kubernetes-manifest-rbac.yaml.j2
dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml
when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}" when: "{{ nfc_role_kubernetes_prime | bool }}"
- src: iptables-kubernetes.rules.j2 - src: iptables-kubernetes.rules.j2
dest: "/etc/iptables-reloader/rules.d/iptables-kubernetes.rules" dest: "/etc/iptables-reloader/rules.d/iptables-kubernetes.rules"
@ -71,7 +71,7 @@
owner: root owner: root
group: root group: root
mode: '700' mode: '700'
delegate_to: "{{ kubernetes_config.cluster.prime.name }}" delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
when: when:
kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0 kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0
or or
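Review bot: `delegate_to: "{{ nfc_role_kubernetes_node_prime }}"` names the prime host through a second variable that nothing visible ties to the per-host `nfc_role_kubernetes_prime` flag now used in the `when:` of the first hunk. The same variable selects the host the join token is slurped from and the `K3S_URL` target in the install task file of this commit (the other `delegate_to` lines and the `hostvars[nfc_role_kubernetes_node_prime].ansible_host` lookup), and those call sites lost their `default(inventory_hostname)` fallback. A stale or mistyped value would therefore have nodes read the token from, and register against, a host that is not the intended prime. An early `ansible.builtin.assert` with `that: hostvars[nfc_role_kubernetes_node_prime].nfc_role_kubernetes_prime | default(false) | bool` would make the two variables agree before any delegation happens. The task this `delegate_to` belongs to starts and ends outside the hunk.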


@ -15,12 +15,16 @@
ansible.builtin.stat: ansible.builtin.stat:
name: /var/lib/rancher/k3s/server/manifests/calico.yaml name: /var/lib/rancher/k3s/server/manifests/calico.yaml
register: file_calico_yaml_metadata register: file_calico_yaml_metadata
when: >
nfc_role_kubernetes_prime | bool
- name: Check for calico Operator deployment manifest - name: Check for calico Operator deployment manifest
ansible.builtin.stat: ansible.builtin.stat:
name: /var/lib/rancher/k3s/ansible/deployment-manifest-calico_operator.yaml name: /var/lib/rancher/k3s/ansible/deployment-manifest-calico_operator.yaml
register: file_calico_operator_yaml_metadata register: file_calico_operator_yaml_metadata
when: >
nfc_role_kubernetes_prime | bool
- name: Install dependent packages - name: Install dependent packages
@ -108,12 +112,20 @@
- name: /var/lib/rancher/k3s/server/logs - name: /var/lib/rancher/k3s/server/logs
state: directory state: directory
mode: 700 mode: 700
when: >
{{ nfc_role_kubernetes_master | bool }}
- name: /var/lib/rancher/k3s/server/manifests - name: /var/lib/rancher/k3s/server/manifests
state: directory state: directory
mode: 700 mode: 700
when: >
{{ nfc_role_kubernetes_master | bool }}
- name: /var/lib/rancher/k3s/ansible - name: /var/lib/rancher/k3s/ansible
state: directory state: directory
mode: 700 mode: 700
when: >
{{ nfc_role_kubernetes_master | bool }}
when: >
item.when | default(true)
- name: Add sysctl net.ipv4.ip_forward - name: Add sysctl net.ipv4.ip_forward
@ -499,7 +511,7 @@
dest: /var/lib/rancher/k3s/server/manifests/calico.yaml dest: /var/lib/rancher/k3s/server/manifests/calico.yaml
when: > when: >
{{ {{
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname nfc_role_kubernetes_prime | bool
and and
( (
( (
@ -546,7 +558,7 @@
/tmp/install.sh {% if nfc_role_kubernetes_etcd_enabled %}--cluster-init{% endif %} /tmp/install.sh {% if nfc_role_kubernetes_etcd_enabled %}--cluster-init{% endif %}
changed_when: false changed_when: false
when: > when: >
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname nfc_role_kubernetes_prime | bool
and and
not node_k3s.installed | bool not node_k3s.installed | bool
and and
@ -572,7 +584,7 @@
and and
'calico_manifest' not in ansible_run_tags 'calico_manifest' not in ansible_run_tags
and and
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname nfc_role_kubernetes_prime | bool
and and
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
@ -593,7 +605,7 @@
when: >- when: >-
nfc_kubernetes_enable_metallb | default(false) | bool nfc_kubernetes_enable_metallb | default(false) | bool
and and
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname nfc_role_kubernetes_prime | bool
and and
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
@ -609,7 +621,7 @@
exit 127; exit 127;
fi fi
executable: /bin/bash executable: /bin/bash
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}" delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
run_once: true run_once: true
register: kubernetes_ready_check register: kubernetes_ready_check
retries: 30 retries: 30
@ -649,7 +661,7 @@
install_olm.rc == 1 install_olm.rc == 1
register: install_olm register: install_olm
when: > when: >
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname nfc_role_kubernetes_prime | bool
and and
nfc_role_kubernetes_install_olm | default(false) | bool nfc_role_kubernetes_install_olm | default(false) | bool
and and
@ -679,7 +691,7 @@
failed_when: false failed_when: false
register: install_olm register: install_olm
when: > when: >
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname nfc_role_kubernetes_prime | bool
and and
'olm_uninstall' in ansible_run_tags 'olm_uninstall' in ansible_run_tags
and and
@ -692,7 +704,7 @@
changed_when: false changed_when: false
failed_when: false # New cluster will fail failed_when: false # New cluster will fail
when: > when: >
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname nfc_role_kubernetes_prime | bool
and and
kubernetes_config.cluster.networking.encrypt | default(false) | bool kubernetes_config.cluster.networking.encrypt | default(false) | bool
and and
@ -712,7 +724,7 @@
- name: Fetch Join Token - name: Fetch Join Token
ansible.builtin.slurp: ansible.builtin.slurp:
src: /var/lib/rancher/k3s/server/token src: /var/lib/rancher/k3s/server/token
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}" delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
run_once: true run_once: true
register: k3s_join_token register: k3s_join_token
no_log: true # Value is sensitive no_log: true # Value is sensitive
@ -723,7 +735,7 @@
- name: Create Token fact - name: Create Token fact
ansible.builtin.set_fact: ansible.builtin.set_fact:
k3s_join_token: "{{ k3s_join_token.content | b64decode | replace('\n', '') }}" k3s_join_token: "{{ k3s_join_token.content | b64decode | replace('\n', '') }}"
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}" delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
run_once: true run_once: true
no_log: true # Value is sensitive no_log: true # Value is sensitive
when: > when: >
@ -743,7 +755,7 @@
when: > when: >
nfc_role_kubernetes_master | default(false) | bool nfc_role_kubernetes_master | default(false) | bool
and and
not kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname not nfc_role_kubernetes_prime | bool
and and
not node_k3s.installed | bool not node_k3s.installed | bool
and and
@ -758,14 +770,14 @@
INSTALL_K3S_SKIP_DOWNLOAD=true \ INSTALL_K3S_SKIP_DOWNLOAD=true \
INSTALL_K3S_VERSION="v{{ node_k3s.desired_version }}" \ INSTALL_K3S_VERSION="v{{ node_k3s.desired_version }}" \
K3S_TOKEN="{{ k3s_join_token }}" \ K3S_TOKEN="{{ k3s_join_token }}" \
K3S_URL="https://{{ hostvars[kubernetes_config.cluster.prime.name | default(inventory_hostname)].ansible_host }}:6443" \ K3S_URL="https://{{ hostvars[nfc_role_kubernetes_node_prime].ansible_host }}:6443" \
/tmp/install.sh - /tmp/install.sh -
executable: /bin/bash executable: /bin/bash
changed_when: false changed_when: false
when: > when: >
not nfc_role_kubernetes_master | default(false) | bool not nfc_role_kubernetes_master | default(false) | bool
and and
not kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname not nfc_role_kubernetes_prime | bool
and and
not node_k3s.installed | bool not node_k3s.installed | bool
and and
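Review bot: The three `when: >` entries added to the directory items wrap the expression in `{{ }}` inside a folded scalar, so the value keeps a trailing newline, unlike the quoted `when: "{{ nfc_role_kubernetes_prime | bool }}"` form used for the manifest items elsewhere in this commit. Depending on how the Ansible version in use converts templated strings, `item.when | default(true)` may then see a non-empty string rather than a boolean and create the k3s server directories on nodes where `nfc_role_kubernetes_master` is false. Writing them as `when: "{{ nfc_role_kubernetes_master | bool }}"` keeps one form across the role and removes the doubt. The task these items belong to starts outside the hunk.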


@ -1,15 +1,29 @@
--- ---
- name: Default Variable adjustment [Probable Single Node Install]
ansible.builtin.set_fact:
cacheable: false
nfc_role_kubernetes_prime: true
nfc_role_kubernetes_master: true
nfc_role_kubernetes_node_prime: "{{ inventory_hostname }}"
when: >
not nfc_role_kubernetes_worker | bool
and
not nfc_role_kubernetes_prime | bool
and
not nfc_role_kubernetes_master | bool
- name: Install/Configure Kubernetes Prime Master Node - name: Install/Configure Kubernetes Prime Master Node
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: install.yaml file: install.yaml
tags: tags:
- always - always
when: when:
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
and
nfc_role_kubernetes_prime | bool nfc_role_kubernetes_prime | bool
and and
not nfc_role_kubernetes_worker | bool
and
not kubernetes_installed | default(false) not kubernetes_installed | default(false)
@ -19,10 +33,12 @@
tags: tags:
- always - always
when: when:
kubernetes_config.cluster.prime.name | default(inventory_hostname) != inventory_hostname
and
nfc_role_kubernetes_master | bool nfc_role_kubernetes_master | bool
and and
not nfc_role_kubernetes_prime | bool
and
not nfc_role_kubernetes_worker | bool
and
not kubernetes_installed | default(false) not kubernetes_installed | default(false)
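Review bot: The new `set_fact` task promotes a host to prime and master whenever its three role flags are all false, which cannot distinguish a single-node install from a multi-node inventory where one host is simply missing its flag. Such a host would pass the `nfc_role_kubernetes_prime | bool` guards in the install tasks and initialise its own control plane instead of failing. Narrowing the condition with `and nfc_role_kubernetes_node_prime is not defined` would help, so a host that already has a prime node named for it is not promoted. Pairing that with an `ansible.builtin.fail` for the all-false-but-prime-defined case would turn a silent guess into a visible configuration error. The task name already calls the install "Probable", so a short comment stating the assumption would help too.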